MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
openai
Search

Are OpenAI's ChatGPT Actions Being Abused To Scan For Web Vulnerabilities?

Sunday August 25, 2024. 10:47 PM , from Slashdot
Are OpenAI's ChatGPT Actions Being Abused To Scan For Web Vulnerabilities?
Long-time Slashdot reader UnderAttack explains: A blog post at the SANS Internet Storm Center suggests that OpenAI actions are being abused to scan for WordPress vulnerabilities.

Honeypot sensors at the Storm Center detected scans for URLs targeting WordPress that originated exclusively from OpenAI systems. The URLs requested all pages including the pattern '%%target%%', which may indicate that the scan is meant to include additional path components but the expansion of the template failed. The scans were not only identified by the unique user agent but also by the origin IP addresses matching addresses OpenAI published as being used for OpenAI actions. OpenAI actions allow OpenAI to connect to external APIs.

Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu, wrote that OpenAI seems to be scanning random IP addresses — including honeypots.

Read more of this story at Slashdot.
Read more at Slashdot
https://slashdot.org/story/24/08/25/2037200/are-openais-chatgpt-actions-being-abused-to-scan-for-web...

Related News

openai OpenAI Japan Exec Teases 'GPT-Next' SlashdotSep 6
actions OpenAI co-founder's Safe Superintelligence startup inhales $1B in funding TheRegisterSep 5
scan OpenAI might use Apple’s TSMC for chips ComputerWorldSep 3
being VS Code Fork 'Cursor' - the ChatGPT of Coding? SlashdotSep 1
vulnerabilities Apple might take a stake in OpenAI as it gets intelligent on AI ComputerWorldAug 30
are Vulnerabilities surge by 43 percent over 2023 BetaNewsAug 30
abused OpenAI, Anthropic agree to get their models tested for safety before making them public ComputerWorldAug 30
addresses ChatGPT Passes 200 Million Weekly Active Users SlashdotAug 30
storm Apple Is in Talks To Invest in OpenAI, WSJ Says SlashdotAug 29
urls Tim Ballard’s Claims to Fight Sex Trafficking Made Him a MAGA Star. These Women Told Police He Abused Them Wired: Tech.Aug 27
scans OpenAI Supports California AI Bill Requiring 'Watermarking' of Synthetic Content SlashdotAug 26
sans Internal AWS Sales Guidelines Spread Doubt About OpenAI's Capabilities SlashdotAug 26
including Vulnerabilities rise in first half of 2024 BetaNewsAug 26
chatgpt Devs at Asia's top messaging app drowned in Slack, tamed it with ChatGPT TheRegisterAug 23
openai's Google Play Will No Longer Pay To Discover Vulnerabilities In Popular Android Apps SlashdotAug 22
openai OpenAI opposes California AI bill as lawmakers prepare to vote ComputerWorldAug 22
actions Let Claude 3 Opus, MistralAI, and ChatGPT do your job for you! BoingBoingAug 21
scan Files 3.6 unveils new Actions menu and vertical pane alignment BetaNewsAug 21
being Condé Nast Signs Deal With OpenAI Wired: Tech.Aug 20
vulnerabilities GitHub rolls out AI-powered fixes for code vulnerabilities InfoWorldAug 16
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Sep, Thu 19 - 23:59 CEST